This is a Visual Studio Code extension for detecting insecure coding practices in Python code. These insecure coding practices are also known as security smells. These smells can leave room for exploitation of software systems and lead to security breaches. To help practitioners, this tool has been developed to locate these smells in code.
Bad File Permission
Command Injections
Cross-site scripting
Constructing SQL upon Input
Debug Set to True in Deployment
Exec Statement
Empty Password
Hard-coded Secrets
Hard-coded IP Address Binding
Hard-coded tmp Directory
Insecure Data Deserialization
Insecure Dynamic Code Execution
Ignore Except Block
Insecure YAML operation
No Certificate Validation
No Integrity Check
Use of HTTP without TLS
Use of assert Statement
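
One way to locate five of the smells listed above using Python's standard `ast` module, as an added example that is not the extension's own code. The `SmellVisitor` class, the `scan` function, the detection heuristics and the sample input are assumptions made for illustration.

```python
import ast

# Constructed sample input; each flagged line shows one smell from the list above.
SAMPLE = '''assert user.is_admin
try:
    data = open("/tmp/app.cfg").read()
except Exception:
    pass
exec(data)
app.run(debug=True)
'''

class SmellVisitor(ast.NodeVisitor):
    """Collects (line, smell) pairs. The heuristics are illustrative assumptions."""
    def __init__(self):
        self.findings = []

    def visit_Assert(self, node):
        # assert statements are removed when Python runs with -O.
        self.findings.append((node.lineno, "Use of assert Statement"))
        self.generic_visit(node)

    def visit_ExceptHandler(self, node):
        # A handler containing only pass/continue silently discards the error.
        if all(isinstance(s, (ast.Pass, ast.Continue)) for s in node.body):
            self.findings.append((node.lineno, "Ignore Except Block"))
        self.generic_visit(node)

    def visit_Call(self, node):
        if isinstance(node.func, ast.Name) and node.func.id == "exec":
            self.findings.append((node.lineno, "Exec Statement"))
        for kw in node.keywords:
            # Only a literal debug=True is flagged, not a variable or expression.
            if kw.arg == "debug" and getattr(kw.value, "value", None) is True:
                self.findings.append((node.lineno, "Debug Set to True in Deployment"))
        self.generic_visit(node)

    def visit_Constant(self, node):
        if isinstance(node.value, str) and node.value.startswith("/tmp"):
            self.findings.append((node.lineno, "Hard-coded tmp Directory"))

def scan(source):
    """Return sorted (line, smell) findings for Python source text."""
    visitor = SmellVisitor()
    visitor.visit(ast.parse(source))
    return sorted(visitor.findings)
```

Because `scan` only parses the source and never executes it, it can be run safely over untrusted files; `scan(SAMPLE)` reports one finding per smell with its line number.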
The following must be installed to use the extension:
Python 3.8